Introduction

Lifealike Limited, trading as onefinestay and its group companies including Square Break, Hotel Homes SAS and Travel Keys (“we” or “us”) take the privacy of your information very seriously. This policy explains how and for what purposes we use the information collected about you via this site, mobile application or any other onefinestay method (referred to below as the “Site”). Please read this privacy policy carefully.

If you have any queries about the policy, please get in touch with us using our contact details and we will do our best to answer your questions.

This notice applies to personal data provided by our users, our users include our Homeowners, guests staying at a Homeowner’s property or other users. In this notice “you” refers to any individual whose personal data we hold or process (other than our staff and contractors).

We are also wholly owned by the Accor S.A group and adopt their Customer Personal Data Protection Charter set out here: https://www.accorhotels.com/security-certificate/index.en.shtml (“Charter”)

Personal information collected

We will collect the following personal information from you:

Certain information required to register with the Site including first and last name, your address and date of birth together with some basic security information (“Registration Information”);

If you are a Homeowner, information about your property and contact and personal information we need in order to assist with and manage bookings on your behalf (“Property Information”)

Details of any bookings you make or receive through the Site including ID information (either through us or through third parties who use the Site as a booking platform) (“Booking Information”);

Your email address and password (“Login Information”);

Billing information such as your credit card number and expiry date (“Billing Information”);

A record and details of any correspondence or communication between you and us or relating to any complaint submitted to us (“Communication Information”)

Information we may hold for marketing purposes such as email addresses and some information about your personal circumstances (e.g. your location) (“Marketing Information”)

Other technical information you generate as a result of site interactions including your visits to the Site, the resources and pages you access and any searches you make (“Technical Information”).

In collecting information we abide by the following principles.

●Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.

●Legitimacy: We will collect and process your personal data only for the purposes described in this policy and the Charter.

●Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.

●Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.

●Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. This is done by sending an email to notices@onefinestay.com

●Confidentiality and security: We will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.

●Sharing and international transfer: We may share your personal data within the AccorHotels Group or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Charter. We will take appropriate measures to guarantee security when sharing or transferring such data.

Although it is not compulsory to give us this information, if you do not then you cannot register as a member of the Site or make a booking for accommodation with our Homeowners.

Basis on which we process personal data

Personal data we hold about you will be processed because the processing is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security; or because you have consented to the processing for the specific purposes described in this notice; or because the processing is necessary in order for us to comply with our obligations under a contract between you and us.

Use of this information

The table below sets out how we process your data and the lawful basis for the processing:

Necessary for our legitimate interests (to keep our records updated and to study how customers use the services we provide)

To administer and protect our business, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data

Login Information

Registration Information

Technical Information

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation)

Necessary to comply with a legal obligation

To use data analytics to improve the Site, services, marketing, customer relationships and experiences

Technical Information

Communication Information

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy)

To store your contact information for marketing purposes and sending marketing and other promotional communications to you.

Registration Information

Marketing Information

Necessary for our legitimate interests in promoting our services.

Sharing this information

Credit or debit card payments will be collected by our payment processor.

In order for payments to be processed you may need to provide some necessary details to our agent. We tell you about this at the point we collect that information on the Site.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected.

We may share customer information with third parties to perform services on our behalf in order to improve our services and you hereby consent to us sharing such customer information.

Other than as set out above, we will not disclose any of your personal information without your permission unless we are required by law to do so (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).

Information automatically collected from your computer

Log files/IP addresses. When you visit the Site our web server automatically records your IP address. This IP address is not linked to any of your personal information. We may also gather other non-personal information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.

Cookies. When you visit the Site we may store some information (commonly known as a “cookie”) on your computer. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Passwords and credit card numbers are not stored in cookies. A cookie helps you get the best out of the Site and helps us to provide you with a more customised service. We use cookies for the following purposes:

Storing details about your site preferences (for instance which language you wish to view pages in);

Storing details about any properties you have short-listed;

Enabling our web server to track your session between pages of the site and provide a continuity of experience.

You can block or erase cookies from your computer if you want to (your browser’s help screen or manual should tell you how to do this), but certain parts of the Site are reliant on the use of cookies to operate correctly and may not work correctly if you set your browser not to accept cookies.

When using our site, there are a number third parties who also need to store cookies for essential running of the site. These include but are not limited to:

Amazon for the running of our load balancers;

Google to enable Interactive Maps, help us with Analytics and provide remarketing campaigns tailored to your browsing using Google Advertiser Features. If you wish to opt out out of the Google Advertiser Features please click here for details.

If you have any other concerns, please contact us.

Security

We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):

protecting our servers with software firewalls;

locating our data processing storage facilities in secure locations;

encrypting all data stored on our server with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;

when necessary, disposing of or deleting your data so it is done so securely;

regularly backing up and encrypting all data we hold.

We will ensure that our employees are aware of their privacy and data security obligations. We will take reasonable steps to ensure that the employees of third parties working on our behalf are aware of their privacy and data security obligations.

This notice and our procedures for handling personal data will be reviewed as necessary.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use the strict procedures and security features referred to in this clause to try to prevent unauthorised access

Your privacy rights

The GDPR gives you the following rights in respect of personal data we hold about you. You have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Ask us to correct any information that we hold about you which is incorrect, incomplete or inaccurate.

Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.

Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.

Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.

Ask us to transfer your personal information to another person or organisation.

If you have given your consent to us processing your personal information (for example, consent to receive information about our seminars and events), you have the right to withdraw your consent at any time. To withdraw your consent, please contact notices@onefinestay.com. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely (although we may in some circumstances need to continue to process your data, if so then we will confirm the reasons for this).

Retention

Our current data retention policy is to delete or destroy (to the extent we are able to) the personal data we hold about you in accordance with the following retention periods:

Category of personal data

Length of retention

Records relevant for tax and customs authorities

8 years from the end of the year to which the records relate

Personal data processed in relation to a booking or contract between you and us

7 years from either the end of the contract with us or if later, from the date of the booking

Personal data held on marketing or business development records

7 years from the last date on which you have interacted with us in any way

For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data.

The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an ongoing investigation into the data).

We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.

If you wish to request that data we hold about you is amended or deleted, please refer to the Your Privacy Rights section above, which explains your privacy rights.

Other Sites

We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our Site and recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

In addition, if you linked to this Site from a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

Transferring your information outside of Europe<

As part of the services offered to you through the Site, the information you provide to us may be transferred to countries outside of the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU or one of our service providers is located in a country outside of the EU. We may also share information between group companies, which may be located in countries worldwide. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EU in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy.

If you use the Site while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Further questions,/

If at any time you would like to contact us with your views about our privacy practices or if you would like to exercise any of your rights, or with any enquiry relating to your personal information, you can do so by emailing us at notices@onefinestay.com.

If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.